new feature - polkit auth agent support partly in core (need to have
the pam setuid root auth tool respond via dbus) and partly a module
(the agent dbus protocol handling and setup as well as auth gui). this
took me a while even with all the docs to work out how polkit works...
it was really fussy and its data structs are an extra pain in the butt
to craft with eldbus, but i managed it. not everything is supported
but the core basics are there and this can be built on.
right now the gui is really basic, but does the job.
this should fix T6211 ensuring no drivers can cause a segfault at exit
time. this also happens to remove the enlightenment_sys -z option for
openbsd and unifies all the passwd checking into the single
enlightenment_ckpasswd binary util (that has ifdefs for openbsd,
freebsd and linux pam in it).
this simplifies code removing a mess of auth being done in multiple
places, removes special fork vs run 1 exe or a different exe in
different cases making it more maintainable. yes - this requires
enlightenment_ckpasswd to be setuid root, but it already was when it
was built.
@fix
Summary:
PAM on FreeBSD, unlike on Linux, does not allow users to check their own
password. Instead, we need a suid helper to do it for us. Add such a
helper on FreeBSD.
For now, it is limited to checking users in the local password database
(traditional Unix passwd file). This could and should be extended to use
PAM in a later patch.
Test Plan:
Tested empty pw, wrong pw, correct pw at lock screen; observed correct behavior
in each instance.
Reviewers: q66, zmike
Reviewed By: q66, zmike
Subscribers: cedric, seoz
Differential Revision: https://phab.enlightenment.org/D2355